stagefright-v2

 

Android platform seems to be the target of many attacks in recent times, and many of them show major vulnerabilities of  Google’s software. The company recently solved Stagefright exploit problems, which used video files to attack devices with Android operating system, but has just discovered a new exploit similar, using this time both MP3 and MP4 for results like.

To trigger the attack, the user should try to play an audio or video file amended accessing various libraries in the operating system, providing the ability to run malicious code. One of the targets of the attack is the bookstore “libutils” present in the OS since version 1.0, which suggests that the new Stagefright 2.0 can run on any Android devices available on the market. Devices with updated software, which recently received security updates can also be vulnerable due to access that Stagefright 2.0 can receive the library “libstagefright” which is normally used for playing multimedia content.

Google knows vulnerability and promised a security update that will be released next week. Of course, once the new software becomes public, it will take some time until all devices will be updated. The first which receive the update are Nexus devices in range, and then followed by other manufacturers, which typically must obtain approval before launching phone operators itself. To guard against such attacks, the best advice is to not start the video or audio clips from unknown sources.